// Source: istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/adsc/util.go

// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package adsc

import (
	"crypto/tls"
	"strings"

	"istio.io/istio/pkg/config"
	"istio.io/istio/pkg/config/schema/collections"
	"istio.io/istio/pkg/security"
)

// getClientCertFn builds the callback that supplies the client certificate
// for a TLS handshake. The returned function has the signature that
// tls.Config.GetClientCertificate expects; where it is installed is not
// visible in this file.
//
// Source selection, in priority order:
//  1. config.SecretManager, when non-nil: the workload key/cert is requested
//     through GenerateSecret(security.WorkloadKeyCertResourceName).
//  2. config.CertDir, when non-empty: "cert-chain.pem" and "key.pem" are
//     loaded from that directory.
//
// If neither is configured the function returns nil, i.e. no callback at all.
// config itself must be non-nil; it is dereferenced unconditionally.
//
// Nothing is cached here: every invocation of the callback fetches or reads
// the key material again. Errors from the secret manager or from parsing the
// PEM data are returned unchanged together with a nil certificate. The private
// key is only handed to crypto/tls and is never logged by this function.
func getClientCertFn(config *Config) func(requestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error) {
	switch {
	case config.SecretManager != nil:
		// SecretManager wins even when CertDir is also set.
		return func(requestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error) {
			secret, err := config.SecretManager.GenerateSecret(security.WorkloadKeyCertResourceName)
			if err != nil {
				return nil, err
			}
			pair, err := tls.X509KeyPair(secret.CertificateChain, secret.PrivateKey)
			if err != nil {
				return nil, err
			}
			return &pair, nil
		}
	case config.CertDir != "":
		return func(requestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error) {
			// CertDir is read at call time and joined by plain string
			// concatenation; it is not validated here.
			// NOTE(review): confirm CertDir always comes from trusted configuration.
			chainPath := config.CertDir + "/cert-chain.pem"
			keyPath := config.CertDir + "/key.pem"
			pair, err := tls.LoadX509KeyPair(chainPath, keyPath)
			if err != nil {
				return nil, err
			}
			return &pair, nil
		}
	}

	return nil
}

// convertTypeURLToMCPGVK parses a type URL of the form "group/version/kind"
// and reports whether it names a resource known to collections.Pilot.
//
// The string is split on "/" into at most three parts, so any further slashes
// remain inside Kind. Input with fewer than three parts, or a GVK that
// collections.Pilot.FindByGroupVersionKind does not know, yields the zero
// GroupVersionKind and false; unknown types are rejected rather than passed
// through. Only on a successful lookup is the parsed GVK returned with true.
//
// NOTE(review): typeURL presumably originates from the remote peer's response;
// confirm at the call site that the false result is always honoured.
func convertTypeURLToMCPGVK(typeURL string) (config.GroupVersionKind, bool) {
	segments := strings.SplitN(typeURL, "/", 3)
	if len(segments) != 3 {
		return config.GroupVersionKind{}, false
	}

	candidate := config.GroupVersionKind{
		Group:   segments[0],
		Version: segments[1],
		Kind:    segments[2],
	}

	if _, found := collections.Pilot.FindByGroupVersionKind(candidate); !found {
		return config.GroupVersionKind{}, false
	}

	return candidate, true
}